Speaker
Jon Homer
(Idaho National Laboratory)
Description
Vulnerability identification and remediation represent a fine art in the arena of computer security. Discover how the INL has approached scanning, reconciliation, notification, lifecycle tracking, closure, and reporting. We’ll briefly touch on the automation of patching, as well as the resulting impact on business processes and policy. We’ll discuss how we handle non-standard configurations and operating systems, accepted risks, cost vs. risk analysis, and non-cooperative system owners. The close will cover management metrics, requirements and drivers (OMB, PCSP, and Lab Directives), and audits (survival and response).
Primary author
Jon Homer
(Idaho National Laboratory)